To set up PHP, MySQL and Perl cgi-bin:

    yum install httpd php mysql mysql-server php-mysql
    yum install perl mod_perl perl-DBD-mysql

In httpd 2.4.6-6 we got the following:

"Got error: %pre(httpd-2.4.6-6.fc20.x86_64) scriptlet failed, exit status 127

https://fedoraproject.org/wiki/Common_F20_bugs#RPM_scriptlets_fail_during_updates
shows that it is a bug in SELinux policy, introduced via an update, that causes RPM scriptlets to fail to execute in Fedora 20 if SELinux is enabled and is in enforcing mode, which is the default in Fedora 20. It is sad even this can happen. Run the following set of commands to fix it.

To resolve such problems, run the following commands as root user or using sudo. The first command disables SELinux enforcement for the current session, the subsequent commands expire the yum cache and get the SELinux policy update which fixes this issue, and the last command enables SELinux enforcement back.

    # setenforce 0
    # yum clean expire-cache
    # yum update selinux-policy\*
    # setenforce 1
"

The error seems to be fixed with the new packages. Did not see it happen on the viva.uccs.edu installation.

    yum install httpd
    systemctl enable httpd.service
    systemctl start httpd.service
    setsebool -P httpd_enable_homedirs true

To also enable https, try

    yum install mod_ssl openssl

Then restart the httpd service

    systemctl restart httpd.service

or add mod_ssl openssl to the original yum install list.

Configure the firewall to allow httpd:

    firewall-cmd --permanent --zone=public --add-service http
    firewall-cmd --permanent --zone=public --add-service https

Note that the current firewall may not activate http and https until reboot. You may want to try

    firewall-cmd --add-service http
    firewall-cmd --add-service https

To set up vnc-server, first

    yum -y install tigervnc-server

Set up the vnc password with

    vncpasswd

Then

    firewall-cmd --permanent --zone=public --add-service vnc-server

To test if PHP works, copy info.php and test it:

    cd /var/www/html
    scp root@walrus.uccs.edu:/home/cs3110/public_html/php/info.php .

To allow individual users to have public_html and run scripts such as PHP:

The block directory is no longer in /etc/httpd/conf/httpd.conf. Enable individual public_html access by

    cd /etc/httpd/conf.d/
    edit userdir.conf
        comment out line 17:    UserDir disabled
        uncomment line 24:      #UserDir public_html

Run

    systemctl restart httpd.service
    setsebool -P httpd_enable_homedirs true

and test the access on an individual web page.

We install suphp:

    yum install mod_suphp
    yum info suphp
    vi /usr/share/doc/mod_suphp-0.6.3/README.fedora

Edit /etc/httpd/conf.d/mod_suphp.conf.
Add the following two directives at the top and wrap up with so that it only applies to the individual directory and not to /var/www/cgi-bin or html; otherwise the PHP scripts in the system directories will not work.

    LoadModule suphp_module modules/mod_suphp.so
    ### Uncomment to activate mod_suphp
    suPHP_AddHandler php5-script

The commented line "suPHP_AddHandler php5-script" has to be uncommented for mod_suphp to work.
Add block directive at the end of mod_suphp.conf

Set check_vhost_docroot=false in /etc/suphp.conf.

!!! Note that in the suphp.conf file, mod_suphp uses ; as the comment character. Using # will cause an error for httpd operation!!! What a convention!

Make sure the umask is 0022 instead of 0077 so that the directory can be read.

When upload.php gets "open grade.txt failed!", it could be that the raster file was copied to the home directory and inherited the "user_home_t" type instead of httpd_user_content_t:

    [root@viva cs526]# ls -Z CS526S2014Grade.txt
    -rwx------. cs526 cs526 unconfined_u:object_r:user_home_t:s0 CS526S2014Grade.txt

We can change the type with

    chcon -R -t httpd_user_content_t /home/cs526/CS526S2014Grade.txt

When upload.php gets "Possible file upload attack" or cannot create a directory in the /home/gsc/public_html/pub/ directory, it could be caused by SELinux. You can change the context:

    chcon -R -t public_content_rw_t /home/gsc/public_html/pub/
    setsebool -P allow_smbd_anon_write 1
    setsebool -P allow_httpd_anon_write 1

Also, the public_html directory where the scripts reside cannot be group writable; change it to 711.

[root@localhost ~]# yum install httpd
Loaded plugins: langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.10-1.fc20 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch            Version                  Repository        Size
================================================================================
Installing:
 httpd          x86_64          2.4.10-1.fc20            updates          1.2 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.2 M
Installed size: 3.8 M
Is this ok [y/d/N]: y
Downloading packages:
httpd-2.4.10-1.fc20.x86_64.rpm                             | 1.2 MB  00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
error: %pre(httpd-2.4.10-1.fc20.x86_64) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package httpd-2.4.10-1.fc20.x86_64
  Verifying  : httpd-2.4.10-1.fc20.x86_64                                   1/1

Failed:
  httpd.x86_64 0:2.4.10-1.fc20

Complete!
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum clean expire-cache
Loaded plugins: langpacks, refresh-packagekit
Cleaning repos: fedora updates
2 metadata files removed
[root@localhost ~]# yum update selinux-policy\*
Loaded plugins: langpacks, refresh-packagekit
fedora/20/x86_64/metalink                                  |  20 kB  00:00
updates/20/x86_64/metalink                                 |  17 kB  00:00
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.12.1-116.fc20 will be updated
---> Package selinux-policy-targeted.noarch 0:3.12.1-179.fc20 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                    Arch      Version               Repository    Size
================================================================================
Updating:
 selinux-policy-targeted    noarch    3.12.1-179.fc20       updates      3.8 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 3.8 M
Is this ok [y/d/N]: y
Downloading packages:
selinux-policy-targeted-3.12.1-179.fc20.noarch.rpm         | 3.8 MB  00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
  Updating   : selinux-policy-targeted-3.12.1-179.fc20.noarch               1/2 242k
  Cleanup    : selinux-policy-targeted-3.12.1-116.fc20.noarch               2/2
  Verifying  : selinux-policy-targeted-3.12.1-179.fc20.noarch               1/2
  Verifying  : selinux-policy-targeted-3.12.1-116.fc20.noarch               2/2

Updated:
  selinux-policy-targeted.noarch 0:3.12.1-179.fc20

Complete!
[root@localhost ~]# setenforce 1
[root@localhost ~]# yum install httpd
Loaded plugins: langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.10-1.fc20 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch            Version                  Repository        Size
================================================================================
Installing:
 httpd          x86_64          2.4.10-1.fc20            updates          1.2 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.2 M
Installed size: 3.8 M
Is this ok [y/d/N]: y
Downloading packages:
httpd-2.4.10-1.fc20.x86_64.rpm                             | 1.2 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
  Installing : httpd-2.4.10-1.fc20.x86_64                                   1/1
  Verifying  : httpd-2.4.10-1.fc20.x86_64                                   1/1

Installed:
  httpd.x86_64 0:2.4.10-1.fc20

Complete!

See https://fedoraproject.org/wiki/Common_F20_bugs#RPM_scriptlets_fail_during_update

Fedora SELinux maintainers have a policy of only loosening the policy and typically never tightening it on updates, precisely to avoid such problems; however, a policy inclusion meant for Rawhide, the development version of Fedora, was accidentally included in this release. Fedora SELinux maintainers will be setting up a much higher karma requirement for new updates to avoid similar problems in the future.

[GD library for web graphic]

    yum install gd gd-devel php-gd

[Email]

Fedora offers two primary MTAs: Postfix and Sendmail. Postfix is configured as the default MTA and Sendmail is considered deprecated.

    yum install postfix

With SELinux, if we would like to send email through Mail::sendmail, we need to setsebool in two places:

    setsebool -P httpd_can_network_connect 1
    setsebool -P httpd_can_sendmail 1

Took a while to debug this. Especially the first one.

    getsebool -a | grep httpd

Restart the postfix service after changing any options in the configuration files under the /etc/postfix directory in order for those changes to take effect. To do so, run the following command as root:

    ~]# systemctl restart postfix

10.3.1.2. Basic Postfix Configuration

By default, Postfix does not accept network connections from any host other than the local host. Perform the following steps as root to enable mail delivery for other hosts on the network:

1. Edit the /etc/postfix/main.cf file with a text editor, such as vi.
2. Uncomment the mydomain line by removing the hash sign (#), and replace domain.tld with the domain the mail server is servicing, such as example.com.
3. Uncomment the myorigin = $mydomain line.
4. Uncomment the myhostname line, and replace host.domain.tld with the host name for the machine.
5. Uncomment the mydestination = $myhostname, localhost.$mydomain line.
6. Uncomment the mynetworks line, and replace 168.100.189.0/28 with a valid network setting for hosts that can connect to the server.
7. Uncomment the inet_interfaces = all line.
8. Comment the inet_interfaces = localhost line.
9. Restart the postfix service.

Setting up SSH without password

On client:
1. run ssh-keygen (it generates a public key and a private key)
2. run ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
3. ssh remote-host (or scp or rsync)

[phpMyAdmin setup]

1. Make sure to edit the config.inc.php file and specify the blowfish_secret for cookie authentication. The default key there is too big.

[Sun Sep 22 15:02:31.823524 2013] [:error] [pid 10072] [client 128.198.16.135:49645] PHP Warning: mcrypt_encrypt(): Size of key is too large for this algorithm in /var/www/html/phpmyadmin/libraries/mcrypt.lib.php on line 71, referer: http://walrus.uccs.edu/phpmyadmin/

Change the following

    $cfg['blowfish_secret'] = 'directives are explained in Documentation.html and on phpMyAdmi';

to

    $cfg['blowfish_secret'] = 'my devoted servant walrus'; # pick one that is a decent size but not too long.

2. Copy /usr/share/phpMyAdmin to /var/www/html/phpMyAdmin.
   You may need to change the SELinux type so httpd can read it:

    chcon -R -t httpd_sys_content_t phpMyAdmin/

3. Edit /etc/httpd/conf.d/phpMyAdmin.conf and change /usr/share to /var/www/html.
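
An added check for phpMyAdmin step 1 (example code, not part of the original notes): it reads the blowfish_secret line from config.inc.php text, reports when the value exceeds Blowfish's 56-byte key limit, which is what triggers the mcrypt warning above, and suggests a random replacement. The names OLD_CFG, secret_len, new_secret and check_cfg are made up for this example.

```shell
#!/bin/sh
# Added example: detect a blowfish_secret longer than Blowfish's 56-byte key
# limit and generate a random replacement that fits.

# Constructed input: the shipped placeholder line quoted on this page.
OLD_CFG="\$cfg['blowfish_secret'] = 'directives are explained in Documentation.html and on phpMyAdmi';"

# secret_len: read config.inc.php text on stdin and print the byte length of
# the blowfish_secret value, or -1 if the setting is absent.
# Assumes a single-quoted value with no embedded single quote.
secret_len() {
    LC_ALL=C awk -F"'" '$2 == "blowfish_secret" { print length($4); found = 1; exit }
                        END { if (!found) print -1 }'
}

# new_secret [N]: print N random characters from [A-Za-z0-9] (default 32),
# capped at 56 so the value always fits a Blowfish key.
new_secret() {
    n=${1:-32}
    [ "$n" -le 56 ] || n=56
    head -c 192 /dev/urandom | base64 | tr -d '\n=+/' | cut -c "1-$n"
}

# check_cfg: read config text on stdin, print a verdict and, when the secret
# is too long, a replacement line to paste into config.inc.php.
check_cfg() {
    len=$(secret_len)
    if [ "$len" -lt 0 ]; then
        echo "blowfish_secret not set"
    elif [ "$len" -gt 56 ]; then
        echo "too long: $len bytes (max 56)"
        echo "\$cfg['blowfish_secret'] = '$(new_secret 32)';"
    else
        echo "ok: $len bytes"
    fi
}

# Run the check on the constructed placeholder line.
printf '%s\n' "$OLD_CFG" | check_cfg
```

On a real host, feed it the file itself: check_cfg < /var/www/html/phpMyAdmin/config.inc.php.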
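
The chcon commands used in these notes (for the grade file and for the phpMyAdmin copy) change the label on disk only, so a later restorecon or filesystem relabel puts the policy default back. The added example below, which is not part of the original notes, parses ls -Z output, finds entries whose SELinux type is not the one httpd needs, and prints the semanage fcontext and restorecon commands that make the label persistent. The sample listing is constructed, and the function names mislabeled and fix_commands are made up for this example.

```shell
#!/bin/sh
# Added example: find entries whose SELinux type is not the one httpd needs
# and print persistent relabel commands. Names with spaces are not handled.

# Constructed sample in the `ls -Z` layout shown on this page.
SAMPLE='-rwx------. cs526 cs526 unconfined_u:object_r:user_home_t:s0 CS526S2014Grade.txt
-rw-r--r--. cs526 cs526 unconfined_u:object_r:httpd_user_content_t:s0 upload.php
drwx--x--x. cs526 cs526 unconfined_u:object_r:httpd_user_content_t:s0 pub'

# mislabeled WANT: read `ls -Z` lines on stdin; print "type name" for every
# entry whose type field differs from WANT. The context is located by shape,
# so both the old (mode user group context name) and the newer
# (context name) layouts are accepted.
mislabeled() {
    awk -v want="$1" '{
        for (i = 1; i <= NF; i++) {
            # a context looks like user:role:type:level[:categories]
            if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) {
                if (c[3] != want) print c[3], $NF
                break
            }
        }
    }'
}

# fix_commands DIR WANT: print, without running them, the commands that
# record the label in local policy (semanage) and then apply it (restorecon).
# semanage treats the path as a regular expression; a literal file name
# still matches itself.
fix_commands() {
    mislabeled "$2" | while read -r cur name; do
        echo "# $name is $cur, expected $2"
        echo "semanage fcontext -a -t $2 '$1/$name'"
        echo "restorecon -v '$1/$name'"
    done
}

# Run on the constructed listing.
printf '%s\n' "$SAMPLE" | fix_commands /home/cs526 httpd_user_content_t
```

On a live system, pipe real output in instead of the sample, for example ls -Z /home/cs526 | fix_commands /home/cs526 httpd_user_content_t, and review the printed commands before running them as root.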